"Terms and conditions including privacy and personal data protection rules and guidelines" of the IoT Lab project

This document gathers the privacy and personal data protection rules and guidelines adopted by the European IoT Lab research project (www.iotlab.eu).
It is intended to serve as a common set of rules and guidelines to be applied and respected by the various users and stakeholders interacting with the
IoT Lab platform and tools. It is integrally part of the contractual agreement binding the users of the IoT Lab platform, applications and tools, as well
as the data controllers and other partners who have access to the IoT Lab collected data. Complementary and updated information on privacy and personal
data protection policy are made available on the IoT Lab website, including a form to contact the Personal Data Protection Officer and the
data processor.

Definitions

Terms such as 'personal data', 'process/processing', 'data controller', 'data processor', 'data subject' shall have the same meaning as
per applicable European data protection law, such as Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free movement of such data. In line with the above mentioned
references and for the purposes of these clauses,
(a) ‘Personal data’ are any collected data that can be linked by reasonable means to a physical person. Data that cannot be linked to a physical
person by reasonable means, including data linked to a pseudo and/or fully anonymized data, are not considered as personal data;
(b) ‘Users’ are understood as any individual or legal entity using the IoT Lab applications or tools, including any data provider or researcher;
(c) 'processing of personal data' ('processing') shall mean any operation or set of operations which is performed upon personal data, whether or not
by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;
(d) 'data controller' shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines
the purposes and means of the processing of personal data;
(e) 'data processor' shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the
controller;
(f) 'consent' shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal
data relating to him being processed;
(g) “sensitive data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership,
and the processing of data concerning health or sex life;
(h) ‘end-user’ means any natural person using an on line and/or electronic communication service and/or an application in the context of IoT Lab project,
for private or business purposes;
(i) 'the subprocessor' means any processor engaged by the data processor or by any other subprocessor of the data processor who agrees to receive from the
data processor or from any other subprocessor of the data processor personal data exclusively intended for processing activities to be carried out on
behalf of the data controller after the transfer in accordance with his instructions, the terms of these clauses and the terms of the written subcontract;
(j) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their
right to privacy with respect to the processing of personal data applicable to a data controller in the State in which the data controller is established;
(k) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction
or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network,
and against all other unlawful forms of processing.

Common rules and agreement binding all IoT Lab users and partners

Each user (including data controllers, data processor and/or user generating or accessing content in the context of IoT Lab project) commits to respect
the rules and guidelines defined in the present section and to make them respected by their agents (collaborators, students, employees, etc.).

IoT Lab platform is guided by the following principles to be respected by all users and partners:
- Respecting privacy, personal data protection and freedom of choice;
- Principle of prior informed consent, by informing and requesting the users consent before collecting personal data;
- Proportionality, by limiting the collection of personal data to what is useful and relevant;
- Personal data dissociation: if personal data are collected, the system will intend to dissociate the personal data from the other collected data;
- Minor of age protection, by restricting the personal data collection of minor of ages;
- Collective responsibility: all users and stakeholders are invited to respect those rules and to inform the privacy officer of the project of any identified breach;
- Universality: the privacy and personal data protection standards followed by the IoT Lab platform are binding the users and other interacting parties, regardless of
their country of residence;
- Secured data storage on servers located in European countries;
- No personal data transfer to third parties, including to companies and public administrations (except in case of unlikely judiciary founded request);
- Respecting employee rights: in case a project purpose implies to collect and process personal data of workers through a labour-based relationship,
the data provider shall take into account and respect any and all applicable national labour laws before any data collecting and processing.

All users, partners and their agents commit to process any personal data in accordance with the principles set out above, as well as to privilege
aggregated and/or anonymous data, and not to keep any personal data longer than necessary.

All users, partners and their agents, including all IoT Lab data providers:
- Acknowledge that IoT Lab is committed to promote sustainable development, human rights, democracy, peace, gender equality and environment
protection,- and prohibits the use of its platform for any experiment which may by contrary to those values;
- Acknowledge that IoT Lab is a multidisciplinary research platform, and by contributing data, explicitly authorize the use of non-personal data,
including aggregated and anonymized data, for research purpose, including for publications;
- Understand that the platform is provided on a best effort basis, as is, and relies on a free and voluntary participation;
- Acknowledge and agree that data that cannot be linked to a physical person by “reasonable means” are not considered as personal data;
- Aknowledge that the use of pseudo to log on the platform to create an account without providing the real name and/or physical address
of the user constitutes a valid form of anonymization and should not be considered as part of a personal data;
- Ensure that adequate security, technical and procedural measures are adopted in order to avoid the commission of cybercrimes and/or of
intellectual property violations and/or of any other crimes through the use of IoT platform;
- Aknowledge that IoT services cannot be subcontracted/sup-provided to third parties without IoT Lab express and written agreement;

Disclaimer and litigation clauses:
By using and interacting with the IoT Lab platform, all users, partners and their agents, including all IoT Lab data providers, agree to be bound
by the following clauses and explicitly:
- Acknowledge and agree to respect the IoT Lab Data Privacy Protection rules and guidelines as well as the European directives and norms on personal
data protection;
- Acknowledge and agree that IoT Lab platform users can control the data they want to share and can opt out and withdraw at any time;
- Acknowledge and agree that the IoT Lab platform is provided as is;
- Acknowledge and agree that users provide data or equipment to IoT Lab at their own risk. In no event IoT Lab will be liable for any loss or
damage including, without limitation, indirect or consequential loss or damage, or any damage however arising from loss of data or loss of profits
occurred in connection with the IoT Lab participation;
- Renounce to any claim against the IoT Lab consortium, partners and agents for any damage or prejudice, which has not been intentionally caused by one
or several members of the IoT Lab consortium,- in case of intentional damage, the claims should be targeted exclusively to the intentional author of the
damage;
- Acknowledge and agree that the present rules can evolve and be updated by IoT Lab by publishing it on its website;
- Acknowledge and agree that at the end of the research project, the management of the platform may be transferred to a more sustainable entity replacing
the consortium, and bound by the same agreements and obligations;
- Agree to set the legal jurisdiction for any legal dispute in Geneva (in Switzerland) or alternatively in Brussels (in Belgium), and explicitly renounce
to and exclude any other jurisdiction.

In addition, the platform intends to ensure that collected data remain fully anonymous:
- Users commit NOT to collect any personal identifiers such as emails, phone number, names or any other
information that may enable to identify the participant.
- Users commit NOT to collect sensitive data (“Special category of data”) such as: information
related to health; sex life or sexual orientation; religious, political or philosophical believes;
racial or ethnic origin; trade-union membership.
- Users commit NOT to collect any biometric data.
- Data that are provided are fully anonymized and can be used only within the scope and
purpose of the research for which they have been collected or its potential extension, as long
as the overall purpose remain the same.
- Researchers commit NOT to reuse and transmit the
data for other experiments outside of the scope of the initial research for which the data have
been collected.

Complementary commitments binding data controllers and processors

Partners of IoT Lab who act as data controller are bound by the obligations foreseen by European data protection law, including the duty to
inform data subjects, as well as to implement the present privacy policy.
Each data controller and data processor in the context of IoT Lab project
commits to:
- Request a written commitment to abide and respect the present rules from their agents (collaborators, students and employees) who can access personal data;
- Inform the end-user through the IoT Lab website for how long their personal data will or may be retained;
- Ensure to end-user the possibility to access, rectify, delete or block his/her personal data through the IoT Lab website;
- Inform the IoT Lab Consortium about:
• the location(s) of all data centres where personal data shall be processed, and in particular, where and how they may be stored, mirrored,
backed up, and recovered;
• the identity of subcontractors and subprocessors participating in the personal data processing and any changes in the chain thereof,
ensuring that all the requirements used to protect data are fulfilled;
• relevant changes concerning applicable cloud computing services with an impact on personal data, such as the implementation of
additional functions;
• any data breach without delay, indicating the typology of damage realized and, at the end of the duly internal investigation, the possible
cause;
• whether personal data might be transferred outside the EU, backed up and/or recovered across borders, in the regular course of operations
or in an emergency.

Each data controller and/or data processor in the context of IoT Lab project acknowledges that IoT Lab Consortium intends to develop an on line platform software
guided by the following principles on a best effort basis:
- As easier as possible in terms of understanding, accessibility and full control of the interaction by the end-user;
- Ensuring complete awareness of end-user about any consequences his/her actions can realize through the software use;
- In order to protect minors' data and to avoid unlawful consent, the platform software shall provide for
an automatic age control mechanism with the
possibility to limit the use of the platform, by taking into account the minor's level of physical and psychological maturity, evaluating if the minor
is mature enough to decide in his or her own interest the participation to all or selected IoT Lab based services;
- The platform software shall also help preventing an excessive use and/or psychological dependence on/addiction to the IoT Lab services.

Data Controllers' specific commitments

Each data controller in the context of IoT Lab project commits to the following guidelines:
- Whenever any personal data is collected, explicitly state the precise purpose for the collection and all the ways that the information might be
used, including any plans to share it with other parties;
- Explicitly state how long this data will be stored and used, consistent with the "minimization" principle;
- Communicate the IoT Lab privacy policy to individuals whose data is being collected;
- Provide clear and accessible details on how to contact someone appropriate to obtain additional information or to resolve problems
relating to stored personal data;
- Ensure that personal data is sufficiently accurate and up-to-date for the intended purposes;
- Ensure the data subjects' rights of access and rectification of personal data concerning him or her;
- Ensure that all corrections are propagated in a timely manner to all parties that have received or supplied the inaccurate data;
- Promote accountability for how personal data is collected, maintained, and shared;
- Enforce adherence to privacy policies through such methods as audit logs, internal reviews, independent audits;
- Maintain provenance -- information regarding the sources and history of personal data -- for at least as long as the data itself is stored as
personal data.

In particular, the data controllers shall:

- Ensure internal accessibility to the information about its identity, location and role, and appoint an internal IoT Lab Project Personal Data
Protection Officer who shall ensure the full implementation of European Directives on personal data protection, on behalf of the data controller;
- Enable the end-user to actively decide which personal data he/she is willing to share
- Inform the end-user about where personal data are stored and the methods available or employed to delete data and whether personal
data may be retained after the end-user has deleted (or requested deletion of) the data, or after the termination of the contract with
the IoT Lab Consortium, and in each case the period during which they will retain the data;
- Implement systematic mechanisms to evaluate, reduce, and destroy unneeded and stale personal data on a regular basis, rather than retaining
it indefinitely,- this mechanism is considered as achieved when data are fully anonymized;
- Provide mechanisms to allow individuals to determine with which parties their personal data can be shared, and for what purposes, unless legally
exempted from doing so;
- Before deployment of new activities and technologies that might impact personal privacy, carefully evaluate them for their necessity, effectiveness,
and proportionality: the least privacy-invasive alternatives should always be sought;
- Ensure that the parties most able to mitigate potential privacy risks and privacy violation incidents are trained, authorized, equipped, and
motivated to do so;
- Provide on the website a form to contact the person in charge of receiving questions or complaints regarding the IoT Lab project personal data
processing and privacy issues: this person will act as the official contact point for any third party request on privacy and personal data protection
issues;
- If established outside the EU, shall ensure the appointment of a legal representative in the EU in order to give effectiveness to the possibility
of the end-user/data subject to exercise his/her rights.

Each data controller in the context of IoT Lab project agrees and warrants:
- That the processing of the personal data has been and will be carried out in accordance with the relevant provisions of the applicable data protection
law (and, where applicable, has been notified to the relevant authorities of the Member State where the data controller is established) and does not
violate the relevant provisions of that State;
- That it has instructed and throughout the duration of the personal data processing services will instruct the data processors to process the personal
data transferred only on the data controller's behalf and in accordance with the applicable data protection law and these clauses;
- That any subject appointed as data processor will provide sufficient guarantees in respect of the technical and organisational security measures indicated
in these clauses and in the relevant document available on the website: www.iotlab.eu
- That after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data
against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves
the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate
to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their
implementation;
- That it will ensure compliance with the security measures indicated in relevant document available on the website: www.iotlab.eu;
- That, if the processing will imply the transfer of personal data outside the European Union, the data subject has been informed or will be informed
before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the
meaning of the European Directive 95/46/EC;
- To make available to the data subjects upon request or on the IoT Lab website a summary description of the security measures adopted;
- That, in the event of subprocessing, the processing activity is carried out by a subprocessor providing at least the same level of protection for the
personal data and the rights of data subject as the data processor.

IoT Lab Consortium and each data controller in the context of IoT Lab project shall ensure compliance with the principle of prior informed consent by the
end users, and the exercise of the right of access within the app and by web feature in a "user friendly" fashion.

IoT Lab Consortium and each data controller in the context of IoT Lab project acknowledges that:
- The end-user shall be able to set-up the application according to his/her will; for instance whether the end-user is willing to allow the application
to run as a background process on his/her smartphone;
- Geolocalization requires previous end-user's and shall provide, if reasonably implementable, the possibility to choose the level of
"granularity of geolocalization". Once the localization is activated, an icon shall inform that location service is activated. The end-user can
continuously withdraw his/her consent to geolocalization, without having to exit the application. The end-user should be able to easily and permanently
delete any personal location data stored by the IoT Lab application on the device.

Data processors' specific commitments

Each data processor agrees and warrants:
- To process the personal data only on behalf of the data controller, according to specific agreement, and in compliance with its instructions and these
clauses;
- that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data controller and
its obligations under the data processing agreement and that it will promptly notify the controller of any critical change in the mentioned legislation;
- that it has implemented the technical and organisational security measures detailed in the relevant document available on the website (www.iotlab.eu)
before processing the personal data transfer;
- that it will promptly notify the data controller about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition
under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
- to deal promptly and properly with all inquiries from the data controller relating to its processing of the personal data subject to the transfer and to
abide by the advice of the competent supervisory authority with regard to the processing of the data transferred;
- at the request of the data controller to submit its data processing facilities for audit of the processing activities covered by these clauses which shall
be carried out by the data controller;
- to make available to the data subject upon request a copy of the data processing agreement, or any existing contract for subprocessing, and a summary
description of the security measures in those cases where the data subject is unable to obtain a copy from the data controller.

Subcontracting and subprocessing may only take place by way of a written agreement with the subprocessor in the name and on behalf of data controller,
which imposes the same obligations on the subprocessor as are imposed on the data processor under these clauses. Where the subprocessor fails to fulfil
its data protection obligations under such written agreement the data processor shall remain fully liable to the data controller for the performance of
the subprocessor's obligations under such agreement.

Each data processor in the context of IoT Lab project agrees that on the termination of the provision of data processing services, the data processor and
the subprocessor shall, at the choice of the data controller, return all the received and stored data and the copies there of to the data controller or shall
destroy all the received and stored data and certify to the data controller that it has done so, unless legislation imposed upon the data processor prevents
it from returning or destroying all or part of the personal data transferred. In that case, the data processor warrants that it will guarantee the
confidentiality of the transferred data and will not actively process the transferred data anymore.

The data processor and the subprocessor warrant that upon request of the data controller and/or of a supervisory authority, it will submit its data
processing facilities for an audit.